Vault 7: Year Zero

By Llama on March 7, 2017

(updated)

Wow.

What a day, huh? Are everyone’s eyes wide open now? I know mine are—yes, Wikileaks and @AnonScan, we can hear you now and it’s mind blowing. For those of you who are just hearing about this, Vault 7 dropped today and it is a doozy. AND it’s only the first drop. So for those of you that didn’t know, the first announcement that Vault 7 was going to drop came from Wikileaks yesterday at 7:33 p.m. (EST):

Shortly thereafter, someone realized that if you changed the contrast on the tweet a hidden picture appeared:

The hidden picture is artist Jim Sanborn’s sculpture, Lingua, which can be viewed at the Walter E. Washington Convention Center. Jim Sanborn is the same artist who created the Kryptos sculpture outside CIA headquarters in Langley, Virginia and the word Kryptos actually shows up in Wikileaks a few times. If you have time to read THIS Hacking Team email that contains a blurb about Kryptos, keep in mind that was written in 2013. We should have all read it back then to prepare ourselves for today. Ugh, no time for regrets…

Back to Wikileaks’ Vault 7. After Wikileaks dropped their bombshell which included a link to a torrent file, people across the world started downloading it like frenzied bees. When I woke up this morning thinking I had a little time to guzzle some java before the 9am password release for the encrypted file I noticed a tweet from a few hours earlier announcing an 8 am EST Wikileaks press conference. Before the 9am password drop I had also wanted to get out a step-by-step guide for Mac users on how to download and unzip the Wikileaks file so, needless to say, after I saw the press conference announcement my place turned into an explosion of flying slippers, coffee spillage, speed-tweeting, and desperate attempts to find the live press conference feed.

To prepare us all for the “Year Zero” Vault 7 release Wikileaks tweeted out two links: One to the CIA/France 2012 Election documents, the second to some CIA documents that I’ve been meaning to read entitled, “CIA Travel Advice To Operatives.” According to Wikileaks, the classified documents detail, “how to maintain cover while traveling through airports using false ID…” Omg, is this a 9/11 hint?? Kidding, I don’t think it is but can you imagine? Even if you didn’t have time to read anything in those links before the Vault 7 drop, we had a LIVE press conference scheduled so all was right in the world, right? Well, not exactly. Three minutes after 8am, Wikileaks tweeted this out:

Did the Deep State really believe they could stop Assange? I mean, really? The man’s a beast. They gave it their best shot anyways and failed miserably. Within minutes Wikileaks released the password to the encrypted file and then they released the entire dump. *Boom.* So what exactly is Vault 7: Year Zero about? Straight from Wikileaks,

“…’Year Zero,’ comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Virginia…[Year Zero] introduces the scope and direction of the CIA’s global covert hacking program, its malware arsenal and dozens of ‘zero day’ weaponized exploits against a wide range of U.S. and European company products, include (sic) Apple’s iPhone, Google’s Android and Microsoft’s Windows and even Samsung TVs, which are turned into covert microphones.”

Remember that video @AnonScan posted of Assange where Assange said, “All secret services are incompetent because they are secret. Secrecy breeds incompetence.”? That was just one more clue pointing us in the right direction. In the Vault 7: Year Zero press release it states that Wikileaks obtained the CIA documents because, “Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized “zero day” exploits, malware remote control systems and associated documentation” and an archive containing this arsenal, which was passed around among U.S. hackers and contractors, was eventually passed along to Wikileaks.

And yes, the U.S. Intelligence community is a bunch of idiots. There is no nicer way of putting it.

So basically here’s what’s going on: The NSA has been spying on us for years and it sounds like the CIA decided to get in on the action through hacking and malware (although I’m certain further leaks will show other dirty little things they do). Essentially, as of today, the CIA has their own private surveillance party going and no one knows about it. Well…they do now. And the bottom line is that these programs have absolutely no public oversight or restraint. Again, no public oversight or restraint. As for the money that funds these programs, Wikileaks stated, “Since 2001 the CIA has gained political and budgetary preeminence over the U.S. National Security Agency.” I realize that doesn’t answer the financing question outright for us because “I remember when the CIA went in front of Congress and asked for more money for their covert hacking and droning shenanigans,” said no one on planet Earth ever. But I’m sure the old argument “the war on terror” played a huge role in gaining Congressional funding and if I had the time to watch old C-Span videos believe you me I’d be all over it like an NSA agent on the last telephone call you just made.

There’s a lot of information in the Wikileaks press release and I highly recommend everyone read it because I did not cover all of it in this blog post. In fact, I probably didn’t cover 99% of what’s in this leak because I don’t understand much of it. So, what I’ve tried to do is take that daunting first page of documents (the Directory) and break it down into a much simpler, trimmed outline. I’ve followed the chart below from Wikileaks as guidance. Keep this chart handy for future reference. I have a feeling you may need it as a helpful aid for future leaks.

DIRECTORATE OF DIGITAL INNOVATION

Looking at the chart you can see that there is a CIA Executive Office and then five “major directorates” directly under the CIA’s control: DI, DDI, DO, DST, and DS. According to the CIA website, the Directorate of Digital Innovation (DDI) is the “Agency’s newest Directorate focused on accelerating innovation across the Agency’s mission activities with cutting-edge digital and cyber tradecraft and IT infrastructure.” Of course, if by cyber tradecraft they mean hacking and infecting everything on the planet then yes, they’ve definitely accelerated innovation across the board. Let’s get more specific.

Look at the chart again. Notice the Center for Cyber Intelligence (CCI) underneath the DDI? Right now we want to concern ourselves with the Engineering Development Group (EDG) which falls underneath the Center for Cyber Intelligence (CCI) and everything highlighted underneath that. From what I can gather, this is the CIA’s hacking/malware division and there is a shiz ton of stuff going on there. Although, quick side note, you may be interested to know that the CCI has a European division called “CCI Europe Engineering” which provides “engineering support…in both unilateral and liaison operations.” Click HERE for more information. Okay, remember at the beginning of this blog I talked about an “arsenal” of malware, viruses, trojans, etc. that were passed around and then eventually passed on to Wikileaks? You know, the Vault 7: Year Zero content? Yup, it looks like the EDG plus the AED, OSB, EDB, AIB, RDB, MDB, SED, and NDB are Vault 7: Year Zero. But no quotes because tomorrow Wikileaks may drop more documents about hacking that involve, say, the ESD and SDB and make a liar out of me. This is just how I’m reading all of this.

Okay, let’s start with what I know about this hacking and malware division which shouldn’t take long because I don’t understand 99% of it; the large majority of information found in today’s leak is for skilled computer nerds, hackers, and professionals. I fall into none of those categories. Here’s what I do know from the Wikileaks press release: When the CIA started housing basically their own “mini-hacking/malware NSA division,” they no longer had to worry about disclosing “controversial operations” to the NSA. One less agency looking over their shoulder, I suppose. And this was no small operation. As of the end of last year, the hacking division had “over 5000 registered users,” more code used than Facebook, and, again, absolutely no public oversight or restraint.

According to a CIA webpage, the Engineering Development Group (EDG), oh wait, that’s right, you can’t find these kinds of secret groups on the CIA website. Because they’re secret. Sorry. What I did find though was this Facebook page for a 2012 public event called, “MDGLCC Presents Opportunities with the CIA ‘LGBT CIA Stories.” The best part about this is that I got a name: Bill French. Apparently Bill used to be (and maybe still is) the Chief of EDG. Poor Bill. Facebook will get you every time. There are other names out there you can find in relation to the EDG but tonight I don’t have a lot of time for digging. But, if you do some sniffing around about Bill French I promise it will turn up some interesting tidbits like the fact that Bernie Sanders allegedly hired him for his foreign policy team and that he may be the same Bill French who founded the Center for the Study of Political Islam.

As for Wikileaks information on the EDG, again the press release gives us some very juicy if not disturbing details about this Group. First and foremost, the EDG builds the malware and hacking tools that the CIA uses to target smart TVs and both iPhones and Androids. According to the release,

“The EDG is responsible for the development, testing and operational support of all backdoors, exploits, malicious payloads, trojans, viruses and any other kind of malware used by the CIA in its covert operations world-wide.”

EDG Mobile: I believe this is the unit that attacks Android phones. How serious is this issue with cellphones? Put it this way, the CIA has developed or obtained malware that can “penetrate, infest and control both the Android phone and iPhone software that runs or has run presidential Twitter accounts.” So there’s that.

Applied Engineering Division (AED)
If you look at the chart again, you’ll see this is the first division directly underneath the EDG. It has five branches beneath it: OSB, EDB, AIB, RDB, and MDB.

EDB
The second branch underneath the AED. This branch developed “Weeping Angel,” which “infests smart TVs, transforming them into covert microphones.” This program was developed alongside the UK’s MI5/BTSS.

“Potential Mission Areas for EDB” include infecting vehicle systems to which Wikileaks commented, “…it would permit the CIA to engage in nearly undetectable assassinations.” Naturally we all thought of Hastings and Putin’s driver who both died in fiery car crashes under suspicious circumstances.

According to Wikileaks, this branch has “developed several attack systems for automated infestation and control of CIA malware…” on Microsoft Windows. Some of their programs include “Assassin” and “Medusa.” For more on Microsoft Windows Users go HERE.

The RDB has a group called the Umbrage group which “collects and maintains a substantial library of attack techniques ‘stolen’ from the malware produced in other states including the Russian Federation.”

Here’s what set everyone off today about this program: According to Wikileaks, Umbrage and other related projects can “misdirect attribution” for attacks by leaving “fingerprints of the groups that attack techniques were stolen from.” Hi, fake news called. They want the Motherland back.

What else is this nasty program capable of? Keyloggers, password collection, webcam capture, and so much more.

According to Wikileaks, this branch “developed numerous attacks to remotely hack and control popular smart phones.” That’s right, the CIA wants to find out where you are, listen to you while you’re using your phone, listen to you when you’re off your phone, watch you through your phone camera, and read your text messages. And yes, they are capable of doing all of the above. Restraining order much, CIA?

Essentially what the branch does is produce “malware to infest, control and exfiltrate data from iPhones and other Apple products running iOS…”

Projects: Tomahawk

SED (???)
SED is the second division underneath EDG. It has one branch beneath it:

This branch is under the SED Division. According to Wikileaks, this branch develops programs that attack “internet infrastructure and webservers.”

So yeah. That’s my incredibly trimmed down version of the release today so I hope it made sense. I feel like I haven’t slept since February 4th and I’m typing like a zombie. Bombshell doesn’t cover any of this stuff, folks, and these documents prove that our world is teetering on the edge of an abyss. Many people have risked their lives to share this information with us so let’s thank them by helping to pull this crazy world back from the edge.

MARCH 8, 2017 UPDATES

Yesterday I put out a fairly digestible summary about Wikileaks’ Vault 7: Year Zero drop. This summary should help us better understand the details of the tweets I’m going to cover today and where the information in the tweets is located in the Vault 7: Year Zero documents. There were a lot of details I didn’t get into in yesterday’s post and I can assure you, there is a lot of information that I don’t cover in today’s post, nor will I ever. Rather than trying to read and summarize technical documents that I’ll never understand I have decided that for today I will mainly summarize the tweets I’ve seen in the last 24 hours because they’re forthright, in layman’s terms that everyone can understand, and can give us greater insight into Vault 7 and reactions to it. I do want to quickly digress for a moment and point out an article that was posted by Wikileaks only days before the drop: “The New Geopolitics of Sweden: Feminism, Arms Exports to Dictatorships, & Nato. Impact in the Assange Case.” I think Americans’ world view can be quite narrow and selfish at times (I’m guilty of it, as well) so it’s important that we remember Assange’s struggle lies smack dab in the middle of this global shit storm. His detainment and quest for freedom deserve our attention, understanding, and support. For more information about his case including myths that are constantly put out in the media such as “he’s been charged for a crime” or that “he fled Sweden” (he had permission to leave) go to justice4assange.com.

Okay, tweets about the documents. Like I said, there were a ton of things I left out yesterday including information from Wikileaks’ press release. One of the first tweets that Wikileaks sent out after the drop was THIS one about the Umbrage program which gives a few more details than what I added yesterday. If you noticed in my post from yesterday, I’ve added more details to some of the branches and their programs such as RDB’s Umbrage program that includes a component Library with data regarding Windows webcam capture and other means for data collection such as keyloggers and “password stealers.” According to Wikileaks, the “attack techniques” listed in this component library were “stolen from malware produced in other states including the Russian Federation.” Huh. Color me shocked.

Another thing I didn’t talk about yesterday was the fact that Wikileaks’ press release pointed out that the NSA,

“…secured a commitment from the Obama administration that the executive would disclose on an ongoing basis…serious vulnerabilities, exploits, bugs or ‘zero days’ to companies such as Apple and Microsoft.”

First, does everyone understand what a “zero day” or “zero day vulnerability” is? Essentially it’s a hole or vulnerability in a vendor’s software of which the vendor is unaware. Other related terms include “zero day exploit” and “zero day attack,” which simply refer to taking advantage of such a vulnerability before the vendor knows about it and can fix it. So here’s the big deal about all of this:

Do you see what’s going on there? The U.S. government (Obama) agreed to release known “zero days” (vulnerabilities) that they found in the software from companies like Apple and Microsoft. And that’s a good thing. It helps those companies keep their software, critical infrastructure, and our own purchased products safer. But the CIA didn’t disclose the vulnerabilities they found and instead exploited them for their own nefarious purposes, e.g. on the iPhone and Android. This appears to be a huge part of Vault 7: Year Zero—as it should be. Not only is our own government failing to protect these companies (and American citizens), other foreign entities can exploit these same vulnerabilities. If you want to know how hackers felt about Obama’s (and the CIA’s) less than stellar performance in making companies aware of these vulnerabilities check out this Wikileaks tweet HERE. Ugh. Is anyone vomiting in their mouth yet?

Another thing I didn’t mention yesterday is “how the CIA dramatically increased proliferation risks.” Let me explain. In order for the CIA to do all the sneaky things they do they have to use classified information but they are not allowed to put that classified information on the internet. See the catch-22? Here’s an example: The CIA implants some malware on a Russian government computer. That malware will communicate data back to the CIA through Listening Posts (including 5 called “PocketPutin”) and Command and Control Systems via the internet. However, the malware, the listening posts and the command systems used to hack the Russian computer and gather data are all classified—at least they should be. But because no one wants to get prosecuted or fired for sending/using classified information over the internet the CIA simply made this stuff unclassified.

Because they are idiots. And there is not a nicer way of putting it.

Of course what this all leads to is that “cyber ‘arms’ manufacturers and computer hackers can freely ‘pirate’ these ‘weapons’ if they are obtained” and the CIA has “little legal recourse.” That’s a nice little cyber black market the CIA created there, isn’t it? Unbelievable. And in an effort to minimize damage and avoid detection, the CIA also created a “Tradecraft DOs and DON’Ts” list to “avoid fingerprints implicating the ‘CIA, US government, or its witting partner companies…” This is hardly shocking but did you notice the “witting partner companies” part? Yeah, that’s juicy. I wonder who’s on that list. See also below (Isn’t this a blatant cover-up of criminal activity??):

Okay, remember yesterday when Wikileaks tweeted out a link to their previously leaked documents about the CIA’s comings and goings through airports incognito-style? Well later on in the day they also tweeted out this article, “Frankfurt Used As Remote Hacking Base for the CIA: Wikileaks.” Yup, apparently the CIA used the American Consulate General Office (“the largest consulate in the world”) in Germany to develop “malicious software” that targeted Europe, the Middle East, and Africa. Could this be our “Where is Vault7?” answer? I don’t know but when you have a chance to read the other Wikileaks dump about CIA agents traveling through airports you probably should. The docs will be seen in a whole new light. For more about this “giant covert CIA hacker base” in Germany check out the video Wikileaks posted HERE.

A few more things of interest and then I’ll try to update again later. First, THIS CIA tool is way creepy:

Former CIA Director Michael Hayden actually blamed the millennials for the Wikileaks’ leaks. Click the link and watch Hayden on the video—he legitimately fails to understand why some people in the Intelligence community want to stop nefarious government actions. Astounding really. What’s more, Glenn Greenwald tweeted this out stating, “Don’t worry: Bush’s CIA & NSA chief Michael Hayden tells CNN there’s no such thing as a Deep State in the US—just a ‘permanent government.” I know, I know, it’s infuriating. But here’s the dealio: The government has been lying directly to the public (and Congress) for decades so it’s not like this tactic hasn’t worked before. In fact, it’s almost always worked. And if it didn’t there were always little to no repercussions. So you know what we need to do: We hold them accountable or die trying. Not literally, folks. Llama’s not pushing an extremism agenda here (although the government probably deserves one).